We do this annual report on the future of IT because technology has become pervasive, and is pushing the boundaries of what’s possible in every industry, every market and every business. In fact, we believe that Every Business is a Digital Business – technology innovations now represent trends in both business and technology.

Our premise for the Accenture Technology Vision is pretty simple: if you don’t know what’s going on, you can’t prepare for it, and you certainly can’t take advantage of it. Within Accenture, we use the Vision as an input to guide our technology R&D investments; externally, we use the Vision to help our clients not just identify and understand key emerging technologies, but also use them to make their business performance even better – and stand out from the competition.

This year’s Accenture Technology Vision lays out the following major technology trends affecting organizations in the public and private sectors:

• Digital Relationships at Scale: Moving beyond transactions to digital relationships
• Design for Analytics: Formulate the questions, and design for the answers
• Data Velocity: Matching the speed of insight to the speed of action
• Seamless Collaboration: Right channel, right worker, right job
• Software-Defined-Networking: Virtualization’s last mile
• Active Defense: Adapting cyber defenses to the threat
• Beyond the Cloud: Where the Value Lies

Accenture observes that increasing numbers of farsighted organizations are recognizing IT as a strategic asset with which they can renew vital aspects of their operations—optimizing at least and innovating at best. As such, they are investing in the digital tools, the capabilities, and the skills to more easily identify useful data, evaluate it, excerpt it, analyze it, derive insights from it, share it, manage it, comment on it, report on it, and, most importantly, act on it.

But the Technology Vision is just a starting point. Yes, it provides a lens for us to focus in on the technology landscape and shows us where to turn next, but it is only useful if we can translate the Vision into real solutions, addressing real problems in real industries. That’s why this year’s Vision presents 100- and 365-day plans for each technology trend so that organizations can take the insights and act upon them.

Stay tuned to Blogpodium because in the coming weeks I will discuss each of the seven Accenture Technology Vision Trends in more detail and how these trends present opportunities for companies ready to take advantage of them.

Besides personal data, organizations often deal with Intellectual Property material. This information should not be accessible for competitors and therefore moving this kind of data outside the organization – to the “open” and “accessible” Cloud – many organizations rank Cloud computing as the highest level risk implementations in terms of Security and Privacy.

Security craftsmanship
The main concerns for many organizations who are on a journey of implementing Cloud computing are related to the high level risk implementations in terms of Security and Privacy. So, is it safe to use the Cloud when it comes to the security of your corporate data? Despite the perception of Security, Privacy and Audit departments, Cloud may be the best thing that ever happened for security. I personally believe that the majority of organizations can improve the security of their data by moving to the Cloud.

Most companies and institutions are not particularly specialized in information security. To secure the data entrusted to the Cloud and properly address secure cloud solutions, organizations need five principles for crafting a security strategy for the cloud:

1. Know your appetite for privacy and security risk: in the end security is all about Risk Management. Does your organization understand the risks and are they willing to take risks? Do you have a Risk Management Framework? And what applications do you entrust to the Cloud?
2. Expect to share responsibility: the Cloud market is rapidly maturing and it is moving away from a one-size fits all approach. Service providers are willing to discuss and share the risk and data owners must bear the legal obligations. Therefore organizations must choose a cloud model that works for them: Iaas, Paas or Saas.
3. Demand transparency and accountability from cloud providers: depending on the cloud model you choose, sharing responsibilities requires reasonable transparency and accountability from providers. But organizations can benefit from a good Cloud service provider, who has an extensive worked out security policy and specialized security employees most organizations don’t have.
4. Use the cloud to solve identity and access management issues: if you want to reap the benefits of the cloud, you need to move your access management to the cloud. Authenticate people, but tie privileges to roles, not applications.
5. Architect solutions that address the risk: most organizations use a form of Hybrid models. But implementing security can be done through a blend of methods incl. considering multiple cloud vendors and data encryption.

Encrypt your data
The encryption of data will play a big role around Cloud and will be part of the cloud offering in the nearby future. To secure the data entrusted to the Cloud and properly address secure cloud solutions, organizations must encrypt all their critical information sources. When only people who have been granted access can decipher the encryption, data can safely be stored anywhere.

An upcoming trend is that organizations are using security services from the Cloud to secure not only data in the cloud but also the data located on their servers. For example, some anti virus and malware detection providers are no longer using client based databases of virus signatures but rather use a cloud based service to ensure the latest information is available at all times. So rather than see cloud as a threat for security, security professionals should embrace the cloud and in some cases even look for the cloud to assist in securing their on-premise data.

In a research performed by the London School of Economics, a questionnaire was sent to both Business and IT leaders, asking how appealing cloud was for them. The outcome of this is that the Business Leaders see cloud 20% more appealing than IT leaders. When they asked about the concerns when implementing cloud, the difference was even greater: the IT leaders where 35% more concerned about cloud implementation than business leaders. The risk with this is that business will look at IT as “old school” and will make their own decisions, not including IT anymore. Today IT services can be ordered “the-drive-through-way”, just provide a credit card and you are up and running in minutes.

Problems arise when these solutions have to be integrated with the existing IT service delivery and when IT organizations are confronted with spot-solutions that do not meet the required security/privacy regulations yet still require a data feed from the central IT systems. As cloud will have an impact on the Operating Model of IT organizations, simply issuing a “Cloud Policy” is not enough. In order to become truly cloud enabled, IT organization need to take the following three steps:

• IT must shift its focus from building bespoke systems to selecting and managing pre-configured components: Cloud will drive IT organization towards a “IT Service Broker” where the right IT components will be procured from providers meeting the right customer needs and at the right price. This will have major implications for talent management as IT’s required skill sets will shift from technical skills to business management skills.
• IT must become the “data custodian” for the entire business: In a cloud environment, corporate, customer and transactional data will be shared, processed and communicated across a wide range of cloud-based services. As a result, there will be a critical need for a “data custodian” that looks across the entire business, and acts as the protector of data integrity, security and consistency throughout all systems and processes. IT needs to seize this role as its own.
• IT must adopt a new operating model for the cloud era: IT will need to adopt a new operating model that reflects the distinct opportunities and risks of cloud-based provisioning. This new model must empower IT to team up closely with business customers to understand and meet their changing needs, using a skillfully integrated blend of cloud and legacy/on-premise technologies. It is a model where process maturity is key—and which brings significant implications for the IT organization’s workforce and skills.

The only way IT organizations can prevent these problems is to accept that cloud is coming and that they can better embrace it rather than fight it. That will give them an opportunity to lower their running costs and be perceived by the Business Leaders as innovative and a true business partner. The migration to a cloud enabled business is a journey of intense change and discovery both for IT and the business as a whole. It is one both parties must undertake together and in close alignment or risk missing out on the full benefits that cloud has to offer.

Cloud computing biedt laagdrempelige toegang tot een gezamenlijke bron van in te stellen ICT-middelen, zoals servers, opslagcapaciteit, applicaties en webservices. Deze bronnen kunnen snel vrijgegeven en ingezet worden met minimale beheeractiviteiten of interactie met de providers van de gewenste oplossingen. De “cloud” is een populair begrip, waarbij er drie typen diensten kunnen worden onderscheiden: Infrastructure as a Service, Platform as a Service en Software as a Service.

Infrastructure as a Service
Bij Infrastructure as a Service (IaaS) wordt de infrastructuur virtueel aangeboden. Een publieke organisatie zoals een gemeente of ministerie kan bijvoorbeeld het netwerk, de opslagcapaciteit (storage) en de rekencapaciteit (CPU) afnemen van een aanbieder. Deze zorgt voor een optimale beschikbaarheid van het systeem, geeft toegang tot de servers en maakt automatisch back-ups. Het extern hosten van datavoorzieningen zien we steeds meer terug in ICT shared service centers: samenwerkingsverbanden van meerdere organisaties waarbij in ieder geval de infrastructuur met elkaar wordt gedeeld. Hiermee verkleinen individuele organisaties hun kwetsbaarheid op het gebied van ICT, terwijl de kwaliteit van dienstverlening dankzij de bundeling van kennis en vaardigheden op het gebied van ICT wordt vergroot.

Platform as a Service en Software as a Service
Platform as a Service (PaaS) geeft organisaties de mogelijkheid binnen een vooropgezette infrastructuur, het zogeheten cloudplatform, bestaande applicaties te gebruiken alsmede eigen applicaties te ontwikkelen, te testen, uit te leveren en te beheren. Windows Azure is het cloudplatform van Microsoft waarop applicaties in de cloud draaien en gebouwd worden. Deze applicaties zijn in enkele minuten uit te rollen.

Software as a Service (SaaS) is de bekendste vorm van cloud computing. Software wordt in deze vorm als een online dienst aangeboden. Een organisatie hoeft hierdoor de software niet zelf aan te schaffen, maar betaalt alleen naar gebruik van de service. De SaaS-aanbieder zorgt voor upgrades, beschikbaarheid en toegang tot de (web)services.

De cloud maakt het werken binnen private en publieke organisaties flexibeler. Het opschakelen of terugbrengen van extra werkplekken bij piektijden, zoals bij kortlopende (IT)projecten, kan hiermee goed worden georganiseerd. Gebruikers hebben tevens de mogelijkheid om tijd- en plaatsonafhankelijk te werken, doordat gegevens en applicaties online beschikbaar kunnen worden gesteld. Vaak wordt de benodigde opslagcapaciteit van gegevens in een organisatie gebaseerd op de zogenaamde peakload plus een extra veiligheidsmarge en een groeiverwachting. In de praktijk blijkt dat gemiddeld slechts 20% van de capaciteit wordt gebruikt en dus 80% wel is aangeschaft maar meestal onbenut blijft. Door gebruik te maken van dataopslag uit de cloud wordt alleen betaald voor wat werkelijk wordt gebruikt. Deze kostenbesparing kan worden versterkt door schaalvoordeel. Als ook andere organisaties gebruik maken van dezelfde cloud daalt de prijs per gebruiker.

Het kunnen vertrouwen op de cloud is de komende jaren een van de belangrijkste succesfactoren voor cloud computing in zowel het privé- als het publieke domein. Eurocloud, de belangenvereniging rondom cloud computing in Europa, pleit in haar zestien punten tellende actieplan dan ook voor een systeem van certificering van cloudaanbieders. Hiermee ontstaat inzicht in hun processen. Certificering biedt de klanten van de cloudaanbieders een gemeenschappelijk evaluatiekader op basis waarvan de aanbieders kunnen worden beoordeeld.  Want meedrijven op de wolken van ICT-middelen is pas constructief als het beoordelend en besluitvormend vermogen daartoe de focus heeft staan op schaalbaarheid, snelheid en samenwerking. Wolken ontstaan in veel gevallen ook op die manier.

The summit started with a welcoming note by TNW founder Boris Veldhuijzen van Zanten and Accenture’s Senior Executive Digital Transformation Harald Timmer. During the four hour Summit I had the opportunity to interview four speakers asking what brought them to The Next Web Summit, the key takeaways of their presentation and what their advice is for enterprises to start doing tomorrow.

The rise of the Data Scientist
Hilary Mason – Chief scientist at Bit.ly discusses the rise of the Data Scientist, a new class of professionals integrated into large and small organizations enabling them to make sense out of the Big Data stored in their servers. Data scientists are building products and models out of data and explaining and visualizing it, turning that wealth of data into usable benchmarks for sound business decisions.

Tapping the minds of many
Looking to the future, crowds and crowd sourcing are the future of business, governments and social innovation, according to Ross Dawson. This futurist and author on how companies can leverage social networking for knowledge sharing – explained that looking at the future enables organizations to make better decisions. Innovation is at the heart of crowd sourcing and therefore it’s particularly important to look into the world of crowds to gain insights starting today. There is a blurring boundary between organizations and their surroundings, and by tapping the minds of many, organizations have the opportunity to reach out and gain the thoughts, insights and ideas of individuals. Tapping the minds of many people is a fundamental part of the future of organizations. By bringing a global talent pool into the organization they can out-compete the competition. Therefore innovation must go beyond the boundaries of organizations.

Not surprisingly, Andrew Keen has a different view and the discussion continues online.

The Lean Cloud
Well-known as one of the ‘cloud computing’ pioneers, Werner Vogels emphasized how cloud computing enables enterprises to succeed in an agile world. Key point in making your organization lean is removing all the waste, which is anything that does not lead to direct value for the customer. Although many organizations move to the cloud looking for availability, the cloud offers far more advantages for organizations. Besides agility and improving Time to Market, it enables organizations to drive down the cost of innovation due to the minimal expenses of investments and maintenance in hardware. With cloud computing to stay, it will change the way IT will be delivered in the enterprise.

The importance of Social Media
In May 2011, Royal Dutch Shell had it first page on Facebook because Herbert Heitmann – EVP External Communications of Royal Dutch Shell wanted Shell to open up and engage with their stakeholders. With the help of Facebook and other partners, Shell managed to engage 1 million fans in the first few months. Although Shell deals with the openness of social media and the more sensitive topics surrounding the organization, Heitmann explains that there is no such thing as control over social medial. What comes closest to control is engagement and taking advantage of the opportunities of social media, rather than worry about the risks and lack of control. Therefore there is no reason to be afraid or shy to engage. ”Social Media are for organizations a fantastic medium to engage with stakeholders, without any kind of mediator in between. That means you get real-time and first hand input, and you have the opportunity to tell your story without any kind of distortion”.

Accenture’s Harald Timmer concluded that the way organizations respond to the shift from information to interaction will be a major factor in their success or failure. Digital, social media and mobile are becoming dominant, and changes the way organizations are organized and operate. Customers are changing and telling their providers how they should understand their needs and tell them how to interact with the customers. Therefore organizations have to take on the digital revolution head on by integrating digital into their business model.

Lastly Harald leaves us with the key take-away of the day: “Embrace digital and engage with your customers by making them part of your community and organization. Let them do the talking for you”.

This week Accenture published its Technology Vision 2012, an annual outlook of the most important emerging technology trends that are predicted to have a critical impact on businesses; a distillation from the experiences of our research teams and the input of our clients. The emerging technology trends are outlined so forward-thinking CIOs will use these to position their organizations to drive growth and high performance, rather than just focusing on cost-cutting and efficiency improvements.

Technology Vision 2012
In Technology Vision 2012 Accenture identifies context-based services as one of six key trends, predicting that a surge in context-based services is imminent. This is enabled by the convergence of and easy access to many sources of contextual information, including soaring smartphone usage, the expansion of cloud computing, an explosion of social media participation, and the development of powerful tools for aggregating and analyzing multiple forms of data.

CIOs and other IT leaders who have started to leverage contextual data to build a deeper understanding of consumer preferences and habits are establishing themselves as strategic players within their companies. They are teaming more effectively with functions such as sales and marketing and leveraging contextual services to drive new revenue and deliver more value for their businesses. It will be the CIO’s job to frame for the C-suite the opportunity of contextual services—pushing the executives to “dream bigger” and identifying what new products and services are becoming possible as context becomes key.

Other trends
The other trends in the Accenture Technology Vision 2012 include:

• Converging Data Architectures: It is not just the rising volume of data that will challenge organizations, but rather developing new data architectures for effectively handling both structured and unstructured information.
• Industrialized Data Services: Related to the data architecture trend, the true value of data will be realized when it is shared freely. To do that, data is being decoupled from applications and no longer owned by a single business.
• Social-Driven IT: social media are becoming powerful catalysts that are changing the ways customers, employees and partners use technology to interact with the world around them. Most enterprises have yet to catch up to that reality and almost none take full advantage of it.
• PaaS-Enabled Agility: the report emphasizes the importance of the agility of the platform in concert with market viability and a focus on the complementary collection of business services also provided by the vendor. PaaS providers will increasingly offer three additional components: reusable business services, integration capabilities, and extension capabilities.
• Orchestrated Analytical Security: Companies are more “connected” than ever—not only through the Web and mobile devices, but through other non-traditional routes, most notably in the physical world. Think about how connected automobiles and industrial controls are to other systems. Consequently, the risks have increased and how organizations assess the risks is changing.

It is time to focus on technology as a driver for growth and take the bold decisions to move beyond IT’s legacy constraints—constraints that make it too difficult to change, too costly to pursue new opportunities. These trends raise some of the thorny questions about IT skills sets and IT organization structures that need attention now.

The recently published Accenture Technology Vision 2012 poses a challenge to all CIO’s and their IT departments: it is time that the conversations between CIOs and business colleagues should revolve around what the organization needs IT to do—not what IT can and cannot do. Technology and business enablement have become so interconnected that businesses can no longer afford to wait for IT to catch up. So IT departments need to decide which role they want to play and where needed embrace external innovations and capabilities to support the business.

With my background in Integration Architecture, I wrote this article to provide insight in the world of Integration as a Service and to introduce an Integration-as-a-Service Offerings Model.

When to use Integration as a Service?

The following scenarios for integration can be distinguished when Cloud solutions are implemented as part of the IT landscape: I. Intra-enterprise Integration between legacy applications II. Intra-enterprise Integration between legacy applications and Cloud applications III. Intra-enterprise Integration between Cloud applications IV. Inter-enterprise B2B integration In this article, intra-enterprise or internal Cloud applications include self developed Cloud based applications as well as Enterprise specific or customized instances of generally available Cloud applications.

In an IT landscape that only consists of internal legacy applications (integration scenario I), using Integration as a Service usually doesn’t fit. As long as there are no reasons to move applications into the Cloud (e.g. due to the rigid nature of these applications), there’s also no reason to move the integration layer into the Cloud.

When internal Cloud applications are part of the IT landscape (integration scenario II), integration is required between the existing legacy applications and the internal Cloud applications. It depends on the characteristics of the data exchange whether the integration solution needs to be Cloud based or not. If the Cloud applications are heavily dependent on integration, in a sense that the Cloud application requires a lot of interfaced data when it is on its performance peak, opting for a Cloud based Integration Hub might be feasible.

For intra-enterprise cloud-to-cloud integration (scenario III), i.e. integration between cloud applications that are part of the own enterprise but reside on different Cloud platforms, the choice for an Integration as a Service solution is a logical step. Main reason for this is that the decision criteria for using Cloud applications also apply to the integration layer in between them, such as the need to quickly scale the solution up or down. Choosing for this approach will result in the entire end-to-end solution being Cloud based.

For B2B Integration (scenario IV) Integration as a Service can be a strategic option. Gartner research (see footnote)shows that the number of B2B transactions is growing and that B2B-oriented Integration as a Service is well-established. There are various niche players for several industries in the market who tend to offer standardized integration solutions with additional business services that are focusing on a specific industry.

The Integration-as-a-Service Offerings Model
The market of Integration as a Service shows an interesting mix of providers. Some providers strictly provide Integration without additional business functionality; others tend towards industry specific Software as a Service solutions on top of Integration as a Service.

This article introduces an Integration-as-a-Service Offerings Model that consists of four types of providers:

Integration Platform providers (Category 1) offer the fundamentals of integration on a Cloud based platform. From a technical point of view it can offer any functionality, but it has to be custom developed as there are no or limited re-useable items available for mappings, advanced error handling framework, etc. ESB as a Service is part of this category.

Integration Service providers (Category 2) offer mature integration services (rather than the “do it yourself” offerings of Category 1), with some industrialized solutions. However, they don’t focus on one specific industry nor offer advanced niche solutions.

Integration Solution providers (Category 3) offer a ‘between the ends’ solution and can even be positioned as independent organizations for B2B integration. Their added value is the offering of industry specific (business) functionality, rather than only providing the exchange of information. These solutions tend to look like Software as a Service applications that integrate very well.

Integration Product providers (Category 4) offer a specific integration product for a niche marked or private network. The provider focuses on the business specific functionality rather than on the technology. The niche product with relatively low volumes is based on high volume providers in Category 1, 2 or 3. The product is usually marketed as a business solution rather than a Cloud based integration product, as the selling point is the offered business functionality rather than the fact that the offering is Cloud based. Because of this type of marketing, it’s hard to identify such providers.

Applying the Model to the integration scenarios
The table below indicates how the Model maps to the different integration scenarios presented earlier in this article:

It pays off when a provider with a higher Category of the Integration-as-a-Service Offerings Model can be used. Exception is Category 4, as this category is particularly strong in B2B rather than integration within the organization itself.

Advantages of using an as high as possible Category Offering include the standardization of message events and formats as well as the availability of out-of-the-box functionality for error handling and business/industry functionality.

Conclusion
Integration as a Service is one of the many as-a-Service’s that are part of the Cloud Computing paradigm.
This article introduced an Integration-as-a-Service Offerings Model that depicts four types of offerings:

1. Integration Platform providers, who provide the fundamentals of integration on a Cloud based platform. They don’t offer industry specific solutions.
2. Integration Service providers, who provide mature integration services that are not targeted at one specific industry.
3. Integration Solution providers, who provide ‘between the ends’ solutions that are tailored for one specific industry. These offerings tend to Software as a Service due to the amount of business functionality.
4. Integration Product providers, who offer specific integration products for niche markets. They are often not recognizable as Cloud offerings and make use of third party Category 1, 2 or 3 offerings.

This model helps to determine what type of Integration-as-a-Service Offering would best fit on a specific integration scenario consisting of legacy applications, Cloud applications and B2B information exchange.

References:
Gartner research: “Predicts 2009: Platforms and Integration Middleware Move Into the Cloud” (December 2008) and “Predicts 2010: Application Infrastructure for Cloud Computing” (November 2009)
Providers: Amazon Simple Queue Service, Linxter, Windows Azure AppFrabric Service Bus, Boomi, Hubspan, F4F Agriculture, GXS Trading Grid

No, there’s more. According to a recently published research (see this survey and risk assessment) by the European Network and Information Security Agency (ENISA), Confidentiality of corporate data and Privacy are the number 1 and 2 main concerns (and showstoppers) for companies who are on a journey of implementing Cloud Computing.
This article addresses Cloud Computing from a Security and Privacy perspective and introduces a four step approach to overcome cold feed for Cloud Computing.

Typical Case
With the increasing popularity of Cloud Computing, organizations’ architects are making plans to embrace Cloud Computing in one or more of its forms, on Process, Application (also known as Software as a Service), Platform or Infrastructure level. They typically deal with this in a complex context: They are architects of global companies who have to deal with many different security and privacy laws.
Besides dealing with personal data they often deal with Intellectual Property material as well. This information should not be accessible for competitors and therefore moving this kind of data outside the organization is subject to many regulations and guidelines. This means that when they start to create visions about Cloud Computing, or start actual implementations, they have to deal with Security, Data Privacy and Export Control risks. Since typical characteristics of Cloud Computing are “open” and “accessible”, many organizations rank Cloud Computing as the highest level risk implementations in terms of Security and Privacy.
This can lead to contradicting interests between technology driven architects and the Security and Privacy departments of the organization.
But why are Security and Privacy architects so ‘scared’? And how can Accenture help you in dealing with this?
In order to address this let’s first look at some fears and facts about Cloud Computing.

Cloud Computing Security Incident: Twitter
One reason for organizations to be reserved is the unfamiliarity with Cloud Computing: it’s new. And when something is new negative press tends to be over overemphasized compared to positive press.
In the brief history of Cloud Computing, there have been incidents regarding the undesired disclosure of data. In July 2009, TechCrunch reported that they received a message from a hacker who claimed he had accessed hundreds of confidential corporate and personal documents of Twitter. The security leak consisted of using a password guessing technique to get access to Google Apps accounts used by Twitter employees for their day to day work (email, calendar, docs), where the confidential information could be found. While this incident was caused by users who used unsafe passwords or made use of easy-to-guess password recovery questions, rather than by flaws in Google Apps. This incident still shows that the chance of somebody getting access to the organization’s applications is much higher in de context of Cloud Computing than it would have been on an internal network that cannot be (easily) accessed from outside.
Such incidents don’t really promote the use of Cloud Computing.

The Main Security and Privacy Risks
Apart from the negative press that causes a general feeling of discomfort regarding Cloud Computing, there are some tangible risks that need to be addressed.

Where is the data stored?
Although Cloud Computing sounds virtual, data will eventually be stored somewhere on one or more physical servers, perhaps even at multiple locations.
Identifying the location of the servers might be difficult; especially in case of nested Cloud Services (one application in the Cloud makes use of other applications in the Cloud). Cloud service providers cannot always guarantee that data is stored in any predefined location.
In that case, multiple privacy laws apply to the overall implementation.
In some countries, like Canada and Germany, there are specific laws about storing personal data at a central location within the own company, but outside the ‘country of origin of the data’. Storing such data outside the organization is an even tougher step to take. Thus global companies and organizations have to deal with the toughest regulations around the globe.
Sometimes it is not allowed to store certain data in certain countries or engage in cross border data transfer. The USA has strict laws on exporting data and knowledge to certain countries. Therefore storing this information in so called ‘Embargoed Countries’, such as Cuba, Iran, Syria, North Korea, Myanmar (formerly Burma) and Sudan, is not allowed.

Everybody is on the Web
Hosting an application inside an organization will make it easier to prevent ‘the whole world’ from accessing it, as it is protected by firewalls and DMZ’s. But an application in the public Cloud (i.e. the Web) is accessible for everybody who has access to the Web, including unsolicited intruders as the Twitter incident showed.

Terms & Conditions
Many people use web based applications like Gmail, LinkedIn, Hyves and Facebook. Most people just tick ‘I agree with the terms and conditions’ and assume it’s all fine. That’s a risky assumption, as personal information is not always as private as users think. For instance, several concerns have emerged around Facebook’s privacy agreement.
The same applies to Cloud Computing. Server space is bought within a couple of minutes with a couple of clicks (and a credit card number). But it’s very important to check and understand the Terms & Conditions of the provider of the cloud applications. Not only in terms of Security and Privacy (e.g. under which conditions will they grant access to the data to Justice or General Intelligence and Security Service?), but also in terms of availability and other SLA’s.

Shared Applications, Shared Infrastructure?
Cloud Computing implies the use of shared applications, shared infrastructure and probably shared databases. When data from many organizations is stored in one common database, in common tables, data access violations can be a risk. Splitting databases reduces the risk of data access violations.

Types of clouds addressing Security and Privacy
From a Security and Privacy perspective, various types of clouds can be used to address the earlier mentioned risks:

Public Cloud
The Public Cloud is externally hosted and publicly accessible. It is both open and agile by nature. Due to its virtual character, the physical location of the shared servers is usually not (exactly) known and Terms & Conditions are identical for all users.
Some organizations might conclude that the Public Cloud is not the best solution due to its open and intangible character. They might consider the following alternatives.

Internal Cloud
An Internal Cloud basically is a cloud that resides in the organization’s own data centre. Shielded from the outside world, but lacking (part of) the agility you will find at a Public Cloud. Advantage is the great extend of control that the organization has, including where the physical servers are located and under which Terms & Condition the cloud is implemented. Applications and servers are not shared with other organizations.

Virtual Private Cloud
A Virtual Private Cloud combines characteristics of both the Public and Internal Cloud. It is a dedicated, secured cloud within a Public Cloud environment. This means that the cloud is hosted outside the organization in the public domain, but can only be accessed via a private/secure connection – so not by ‘the whole world’.
Another advantage is that it provides the agility of a Public Cloud with the possibility of tailored Terms & Conditions. The physical location of the servers isn’t necessarily (exactly) known and parts of the infrastructure might be shared with other organizations.

Hybrid Cloud
The Hybrid Cloud consists of a combination of Public Cloud, Virtual Private Cloud and/or Internal Cloud.

Please note that the term Private Cloud is also commonly used as a type of cloud. Unfortunately, the meaning of this term is not ambiguous: sometimes it is used to refer to a Virtual Private Cloud (i.e. outside the own organization), sometimes it is used to refer to an Internal Cloud (i.e. inside the own organization).

The table below summarizes how the various types of cloud address the earlier mentioned risks and Agility:

How to overcome or avoid cold feet?
So how can you overcome or avoid cold feet and become comfortable with Cloud Computing? This article introduces a four step approach:

Think about it – be rational
Many barriers regarding the use of Cloud Computing are psychological. Based on the lack of information, or based on wrong information, or just perception.
Of course, Cloud Computing does cause additional restrictions in terms of Security and Privacy. Many organizations have a tough security intake process, and combining ‘confidential data’ with ‘data accessible by third parties via the Internet’ makes it a top category security implementation. This means of course that they will enforce a very high level of security to the external vendors. The stakes are high, if something goes wrong, large fines may be the consequence due to the breach of various regulations, let alone the impact of the public reputation of the organization.
On the other hand, for Cloud Computing providers topics like Security and Privacy are core-business. They can’t afford to suffer from such incidents as this will cost them big business, now and in the future. So they will take extra care. Whereas for most big companies, IT is not core-business, so in general, they won’t be able to dedicate as much money and resources to IT (including Security and Privacy) as a Cloud Computing provider.
Actually, in many cases you might experience an improvement of Security and Privacy when you move to a Cloud Computing solution.

Read and learn about it
Two interesting starting points to read and learn about Security and Privacy in Cloud Computing are Craig Balding’s Cloud Security and the World Privacy Forum. These sites might help clearing the skies during the journey of introducing Cloud Computing. Industry or market specific researches on Cloud Computing can be found on the web.
Read more about the advantages and disadvantages of the various cloud types (Public, Virtual Private, Internal, Hybrid) in terms of Security and Privacy. And Accenture has Point Of Views on Cloud Computing that address Security and Privacy as well.
An interesting book to consult is ‘Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance (Theory in Practice)’.

Hear about it
The best way to promote Cloud Computing is via word of mouth. No story is more convincing than a story from somebody who is already using Cloud Computing.
Make a couple of reference visits with other organizations who are either dealing with a similar situation or already are a few steps ahead. Accenture has the network and showcases which can help you get more comfortable with Cloud Computing.

Check it
Some providers of Cloud Computing even allow site visits. So you can personally have a look and see how it works. And quite commonly, providers have their environments regularly audited by one or more independent external companies. Ask for these reports to validate the points that are of great importance to the organization.

Conclusion
Cloud Computing is a new topic for many companies. The perception of Security, Privacy and Audit departments regarding Cloud Computing is often based on bad press and a lack of detailed, fact-based knowledge. There is no desire for that which is unknown.

This article introduced a four step approach to overcome or avoid cold feet:
• Think about it – be rational: Cloud Computing providers know what they’re dealing with. In the agile world of Cloud Computing they can lose customers as easy as they won them – and they won’t put their own business at risk by not properly addressing Security and Privacy.
• Read and learn about it: There’s a lot of information available regarding Security and Privacy in a Cloud Computing context. This article provides information as well as numerous references.
• Hear about it: Organize reference visits. There’s no better way to convince people than via word of mouth.
• Check it: Visit the provider and request independent audit reports.

Following these four steps makes it easier to clear the skies and overcome cold feed for a Cloud Computing solution.